Imperva Cyber Security Blog

Today, on the last day of RSA2013, InformationWeek
has published an article that analyzes the security spend of companies vs the
problems that they need to tackle. While referencing OWASP Top 10
Threats, they cover some of the more modern vectors of attack, focusing mainly
on SQL Injection.

To quote our CTO, Amichai Shulman, “SQL Injection should
have died years ago. Sadly, it didn’t.” SQL injection is one of the biggest
threats and easiest vectors for an attacker to steal data and compromise an
organization. Not only that, it has become industrialized, with tools like Havij, SQLmap
and others automating the attack and “dumbing it down” to make it easier for
non-experts to carry out.

Today, even in the largest organizations, CIOs still focus
spending on fixing problems from the past: viruses and network threats that
used to be acute. What is interesting is that companies did so well in the past
at spending in the right place and putting the right controls around their
assets to fix the old problems that the problem has moved. Hackers are now
lurking in new places. It’s a classic example of “win the battle and lose the
war.”

Nowadays, hackers are all about data and how to get it for
profit. When that is the case, you should always expect them to look for the
weakest point in your organization, because easy money is the best kind of
money. SQL Injection is an easy way to get data.

What should you do?

Dork yourself, and check what SQL Injection
really is and what your threat is.